[Opensim-dev] OAuth as authentication and authorisation (capability) specification
diva at metaverseink.com
Tue Apr 28 03:49:07 UTC 2009
Melvin Carvalho wrote:
> It's a good idea to have some kind of decentral system, whether it be
> openid or ssl.
>
> These diagrams may give you a flavour of the interactions you'd use in
> each case:
>
> http://esw.w3.org/topic/PushBackDataToLegacySourcesAuthentication
>
> Both are great solutions, imho, openid/oauth slightly more mature, ssl
> slightly fewer interactions/redirections, you'll have to decide what
> suits best.
I'm not entirely sure what on the Web calls for things like OpenID
redirects. Is it because the web browser is dumb?

Because if you have a non-dumb browser, it can keep state. You don't
need much more than the masterKey and the subsequent services keys --
that's enough. If you can keep that state on the client side, there is
absolutely no need for redirects of any sort. The user logs in to
his/her identity service (whatever that is) *first*, and moves on to
using any services he/she wants without ever needing those services to
redirect.

So what is it about the Web that made people come up with this idea of
redirecting the login procedure across trust domain boundaries?